yah don't get me wrong I sure there labs are amazing and I sure they making lots money from companies who can afford $7 an hour but for someone new to the industry trying to work you way in with no money it just crazy

I plan to buy 10 hours of lab time. I know that thery are expensive compared to eLS or even OS*P. But, the best way of learning is by studying and doing.

In my opinion, if someone will go through the most of the labs he will be extremelly skilled. Also, consider the fact that the book is about 40$ plus 100 hours lab time is 740$. A lot, but a SANS course is more than 3000$.

I did SANS GWAPT, eLS and I have the book. Soon I will do a comparison between them.

I also think that paying by the hour will make you sweat more. Consider the following analogy: having a girfriend (pay monthly access) and "renting" a wh*re by the hour. In which case will you "give your best" and want the best ROI??

That is fair comment and yes compared to most courses run by sans its really good value. I personally would rather read the book use free alternatives and the money I save by not going into the labs spend on another course that would help me develop in another area.

I guess if you want to be amazing at web apps then spending the money on it like a course would be beneficial.

Yah I think if you just wanted to learn web apps then may you could do it as course buy the book spend rest on the labs but more pen tester have to be skilled in many area I personally would buy the book use the free apps then spend other money on networking security course.

@JamieI think that you are wrong. For example you have the chapter about session management and how to test the tokens. Then you have three labs where you can practice. Like this you'll apply what you've just read, and you'll better understand and remember.

I plan to do at least a lab from each category. If I a do OK I'll move on, otherwise I'll do another one.

If you'll read the book, and then read one about network secutiry, then wireless... you'll be cabbage. Honestly.

At the beggining I was upset about the fact that they only give hourly access (I still think that it is too expensive). But, for lazy guys like me this will be a motivation to really use that hour.

I think that they are loosing money by putting a price so high on the lab. It is like the horses you can find in the malls. I will not pay 1$ for my kids to play 2 minutes, but I will pay 50 cents (maybe I will have them play 3 times).

I agree with you that the price and book make sense if you look at it as a course. However IMO I would not pay for the labs as I think there are lots of free alternatives where you can practice most if not all the vulnerabilities in the book.

And I think one best way to lean web security is to build your own web applications and then break them.

IMO I think the price is too high and I think they would make more if it was more affordable.

I thought the eLS Coliseum Labs were great. They really helped me learn and remember the techniques that were taught during the course, and actually seeing what happens when you exploit a vuln helped a lot as well. The stories that went along with each battle made it fun too.

I haven't done the WAHH labs though, so I can't compare the two. But I can say that the eLS Labs are definitely worth it.

eLS = $99 for a month accessWAHH - At $7/hr, 2 hours a night, you'll get to $98 spent by the end of one week.